summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog5
-rw-r--r--src/expr.c12
2 files changed, 16 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 6e4e9be31..84bda39a4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2007-01-11 Jim Meyering <jim@meyering.net>
+ Avoid a leak in expr's implementation of the ":" (match) operator.
+ * src/expr.c (docolon): Free the regexp buffer using regfree, rather
+ than doing it manually, being careful to set fastmap to NULL first.
+ Free any re_regs.start and .end members, if necessary.
+
* tests/misc/test-diag: Work also when libc's error function
reports the entire program name ("../../src/test"), rather than
just the final component.
diff --git a/src/expr.c b/src/expr.c
index 7f9f5323d..352c80cc6 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -427,6 +427,10 @@ docolon (VALUE *sv, VALUE *pv)
tostring (sv);
tostring (pv);
+ re_regs.num_regs = 0;
+ re_regs.start = NULL;
+ re_regs.end = NULL;
+
re_buffer.buffer = NULL;
re_buffer.allocated = 0;
re_buffer.fastmap = fastmap;
@@ -463,7 +467,13 @@ docolon (VALUE *sv, VALUE *pv)
(matchlen == -2 ? errno : EOVERFLOW),
_("error in regular expression matcher"));
- free (re_buffer.buffer);
+ if (0 < re_regs.num_regs)
+ {
+ free (re_regs.start);
+ free (re_regs.end);
+ }
+ re_buffer.fastmap = NULL;
+ regfree (&re_buffer);
return v;
}
generated by cgit v1.2.3-70-g09d2 (git 2.48.0) at 2025-01-16 09:25:07 +0000